Re: SSL/DTLS: allow setting of app data dissector when using keylog file

[Peter Wu <peter () lekensteyn nl>]

On Mon, Feb 23, 2015 at 10:49:55PM +0100, Peter Wu wrote:
> On Mon, Feb 23, 2015 at 03:32:48PM +0100, Gianrico wrote:
>
> I propose to make one or more of these changes:
>
>  - Call the heuristics dissector only for the first data frame.

I forgot to mention the 1/n-1 splitting which is nowadays commonly done
for SSL dissectors to mitigate BEAST. New-style dissectors could return
"-1" ("I want more data") if they need more than the first byte.

>  - Decouple the list of valid protocols from
>    transport_proto/addr/server_port->appdata_proto/keyfile
>    associations. This allows for multiple valid protocols while linking
>    one unique key per transport_proto/address/server_port tuple.
>    (Jeff, comments?)
>  - Allow a wildcard protocol name in the UAT dialog just to set the key,
>    not the protocol ("any", "*" or the empty string?).
>  - Select an appdata protocol in this order: STARTTLS hint, heuristics,
>    associations, (first available) dissector hint.
>
> Why the suggested protocol selection order?
>
>  - STARTTLS hint is quite strong.
>  - Good heuristics can do "the right thing" automatically.
>  - Associations are entered by the user.
>  - For protocols such as SMTP, there is one clear choice which is great.
>    For port 443, the best guess is HTTP (which should have been caught
>    by the heuristics dissector) but others are possible.

-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe